Removed more XHR leftovers.
This commit is contained in:
parent
053109fe4f
commit
f9d2ca2bb5
3 changed files with 117 additions and 232 deletions
|
@ -11,22 +11,10 @@ $postId = !empty($_GET['p']) && is_string($_GET['p']) ? (int)$_GET['p'] : 0;
|
||||||
$postMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : '';
|
$postMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : '';
|
||||||
$submissionConfirmed = !empty($_GET['confirm']) && is_string($_GET['confirm']) && $_GET['confirm'] === '1';
|
$submissionConfirmed = !empty($_GET['confirm']) && is_string($_GET['confirm']) && $_GET['confirm'] === '1';
|
||||||
|
|
||||||
// basing whether or not this is an xhr request on whether a referrer header is present
|
|
||||||
// this page is never directy accessed, under normal circumstances
|
|
||||||
$redirect = !empty($_SERVER['HTTP_REFERER']) && empty($_SERVER['HTTP_X_MISUZU_XHR']) ? $_SERVER['HTTP_REFERER'] : '';
|
|
||||||
$isXHR = !$redirect;
|
|
||||||
|
|
||||||
if($isXHR) {
|
|
||||||
header('Content-Type: application/json; charset=utf-8');
|
|
||||||
} elseif(!is_local_url($redirect)) {
|
|
||||||
echo render_info('Possible request forgery detected.', 403);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
$postRequestVerified = CSRF::validateRequest();
|
$postRequestVerified = CSRF::validateRequest();
|
||||||
|
|
||||||
if(!empty($postMode) && !UserSession::hasCurrent()) {
|
if(!empty($postMode) && !UserSession::hasCurrent()) {
|
||||||
echo render_info_or_json($isXHR, 'You must be logged in to manage posts.', 401);
|
echo render_info('You must be logged in to manage posts.', 401);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -34,27 +22,14 @@ $currentUser = User::getCurrent();
|
||||||
$currentUserId = $currentUser === null ? 0 : $currentUser->getId();
|
$currentUserId = $currentUser === null ? 0 : $currentUser->getId();
|
||||||
|
|
||||||
if(isset($currentUser) && $currentUser->isBanned()) {
|
if(isset($currentUser) && $currentUser->isBanned()) {
|
||||||
echo render_info_or_json($isXHR, 'You have been banned, check your profile for more information.', 403);
|
echo render_info('You have been banned, check your profile for more information.', 403);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if(isset($currentUser) && $currentUser->isSilenced()) {
|
if(isset($currentUser) && $currentUser->isSilenced()) {
|
||||||
echo render_info_or_json($isXHR, 'You have been silenced, check your profile for more information.', 403);
|
echo render_info('You have been silenced, check your profile for more information.', 403);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if($isXHR) {
|
|
||||||
if(!$postRequestVerified) {
|
|
||||||
http_response_code(403);
|
|
||||||
echo json_encode([
|
|
||||||
'success' => false,
|
|
||||||
'message' => 'Possible request forgery detected.',
|
|
||||||
]);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
header(CSRF::header());
|
|
||||||
}
|
|
||||||
|
|
||||||
$postInfo = forum_post_get($postId, true);
|
$postInfo = forum_post_get($postId, true);
|
||||||
$perms = empty($postInfo)
|
$perms = empty($postInfo)
|
||||||
? 0
|
? 0
|
||||||
|
@ -103,22 +78,10 @@ switch($postMode) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if($canDelete !== MSZ_E_FORUM_POST_DELETE_OK) {
|
if($canDelete !== MSZ_E_FORUM_POST_DELETE_OK) {
|
||||||
if($isXHR) {
|
|
||||||
http_response_code($responseCode);
|
|
||||||
echo json_encode([
|
|
||||||
'success' => false,
|
|
||||||
'post_id' => $postInfo['post_id'],
|
|
||||||
'code' => $canDelete,
|
|
||||||
'message' => $canDeleteMsg,
|
|
||||||
]);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
echo render_info($canDeleteMsg, $responseCode);
|
echo render_info($canDeleteMsg, $responseCode);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!$isXHR) {
|
|
||||||
if($postRequestVerified && !$submissionConfirmed) {
|
if($postRequestVerified && !$submissionConfirmed) {
|
||||||
url_redirect('forum-post', [
|
url_redirect('forum-post', [
|
||||||
'post' => $postInfo['post_id'],
|
'post' => $postInfo['post_id'],
|
||||||
|
@ -137,7 +100,6 @@ switch($postMode) {
|
||||||
]);
|
]);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
$deletePost = forum_post_delete($postInfo['post_id']);
|
$deletePost = forum_post_delete($postInfo['post_id']);
|
||||||
|
|
||||||
|
@ -145,15 +107,6 @@ switch($postMode) {
|
||||||
AuditLog::create(AuditLog::FORUM_POST_DELETE, [$postInfo['post_id']]);
|
AuditLog::create(AuditLog::FORUM_POST_DELETE, [$postInfo['post_id']]);
|
||||||
}
|
}
|
||||||
|
|
||||||
if($isXHR) {
|
|
||||||
echo json_encode([
|
|
||||||
'success' => $deletePost,
|
|
||||||
'post_id' => $postInfo['post_id'],
|
|
||||||
'message' => $deletePost ? 'Post deleted!' : 'Failed to delete post.',
|
|
||||||
]);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(!$deletePost) {
|
if(!$deletePost) {
|
||||||
echo render_error(500);
|
echo render_error(500);
|
||||||
break;
|
break;
|
||||||
|
@ -168,7 +121,6 @@ switch($postMode) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!$isXHR) {
|
|
||||||
if($postRequestVerified && !$submissionConfirmed) {
|
if($postRequestVerified && !$submissionConfirmed) {
|
||||||
url_redirect('forum-post', [
|
url_redirect('forum-post', [
|
||||||
'post' => $postInfo['post_id'],
|
'post' => $postInfo['post_id'],
|
||||||
|
@ -187,7 +139,6 @@ switch($postMode) {
|
||||||
]);
|
]);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
$nukePost = forum_post_nuke($postInfo['post_id']);
|
$nukePost = forum_post_nuke($postInfo['post_id']);
|
||||||
|
|
||||||
|
@ -197,11 +148,8 @@ switch($postMode) {
|
||||||
}
|
}
|
||||||
|
|
||||||
AuditLog::create(AuditLog::FORUM_POST_NUKE, [$postInfo['post_id']]);
|
AuditLog::create(AuditLog::FORUM_POST_NUKE, [$postInfo['post_id']]);
|
||||||
http_response_code(204);
|
|
||||||
|
|
||||||
if(!$isXHR) {
|
|
||||||
url_redirect('forum-topic', ['topic' => $postInfo['topic_id']]);
|
url_redirect('forum-topic', ['topic' => $postInfo['topic_id']]);
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'restore':
|
case 'restore':
|
||||||
|
@ -210,7 +158,6 @@ switch($postMode) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!$isXHR) {
|
|
||||||
if($postRequestVerified && !$submissionConfirmed) {
|
if($postRequestVerified && !$submissionConfirmed) {
|
||||||
url_redirect('forum-post', [
|
url_redirect('forum-post', [
|
||||||
'post' => $postInfo['post_id'],
|
'post' => $postInfo['post_id'],
|
||||||
|
@ -229,7 +176,6 @@ switch($postMode) {
|
||||||
]);
|
]);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
$restorePost = forum_post_restore($postInfo['post_id']);
|
$restorePost = forum_post_restore($postInfo['post_id']);
|
||||||
|
|
||||||
|
@ -239,11 +185,8 @@ switch($postMode) {
|
||||||
}
|
}
|
||||||
|
|
||||||
AuditLog::create(AuditLog::FORUM_POST_RESTORE, [$postInfo['post_id']]);
|
AuditLog::create(AuditLog::FORUM_POST_RESTORE, [$postInfo['post_id']]);
|
||||||
http_response_code(204);
|
|
||||||
|
|
||||||
if(!$isXHR) {
|
|
||||||
url_redirect('forum-topic', ['topic' => $postInfo['topic_id']]);
|
url_redirect('forum-topic', ['topic' => $postInfo['topic_id']]);
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default: // function as an alt for topic.php?p= by default
|
default: // function as an alt for topic.php?p= by default
|
||||||
|
@ -267,13 +210,9 @@ switch($postMode) {
|
||||||
|
|
||||||
unset($postInfo['preceeding_post_deleted_count']);
|
unset($postInfo['preceeding_post_deleted_count']);
|
||||||
|
|
||||||
if($isXHR) {
|
|
||||||
echo json_encode($postFind);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
url_redirect('forum-topic', [
|
url_redirect('forum-topic', [
|
||||||
'topic' => $postFind['topic_id'],
|
'topic' => $postFind['topic_id'],
|
||||||
'page' => floor($postFind['preceeding_post_count'] / MSZ_FORUM_POSTS_PER_PAGE) + 1,
|
'page' => floor($postFind['preceeding_post_count'] / MSZ_FORUM_POSTS_PER_PAGE) + 1,
|
||||||
]);
|
]);
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
|
@ -67,34 +67,24 @@ $validModerationModes = [
|
||||||
];
|
];
|
||||||
|
|
||||||
if(in_array($moderationMode, $validModerationModes, true)) {
|
if(in_array($moderationMode, $validModerationModes, true)) {
|
||||||
$redirect = !empty($_SERVER['HTTP_REFERER']) && empty($_SERVER['HTTP_X_MISUZU_XHR']) ? $_SERVER['HTTP_REFERER'] : '';
|
|
||||||
$isXHR = !$redirect;
|
|
||||||
|
|
||||||
if($isXHR) {
|
|
||||||
header('Content-Type: application/json; charset=utf-8');
|
|
||||||
} elseif(!is_local_url($redirect)) {
|
|
||||||
echo render_info('Possible request forgery detected.', 403);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(!CSRF::validateRequest()) {
|
if(!CSRF::validateRequest()) {
|
||||||
echo render_info_or_json($isXHR, "Couldn't verify this request, please refresh the page and try again.", 403);
|
echo render_info("Couldn't verify this request, please refresh the page and try again.", 403);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
header(CSRF::header());
|
header(CSRF::header());
|
||||||
|
|
||||||
if(!UserSession::hasCurrent()) {
|
if(!UserSession::hasCurrent()) {
|
||||||
echo render_info_or_json($isXHR, 'You must be logged in to manage posts.', 401);
|
echo render_info('You must be logged in to manage posts.', 401);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if($topicUser->isBanned()) {
|
if($topicUser->isBanned()) {
|
||||||
echo render_info_or_json($isXHR, 'You have been banned, check your profile for more information.', 403);
|
echo render_info('You have been banned, check your profile for more information.', 403);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if($topicUser->isSilenced()) {
|
if($topicUser->isSilenced()) {
|
||||||
echo render_info_or_json($isXHR, 'You have been silenced, check your profile for more information.', 403);
|
echo render_info('You have been silenced, check your profile for more information.', 403);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -141,22 +131,10 @@ if(in_array($moderationMode, $validModerationModes, true)) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if($canDeleteCode !== MSZ_E_FORUM_TOPIC_DELETE_OK) {
|
if($canDeleteCode !== MSZ_E_FORUM_TOPIC_DELETE_OK) {
|
||||||
if($isXHR) {
|
|
||||||
http_response_code($responseCode);
|
|
||||||
echo json_encode([
|
|
||||||
'success' => false,
|
|
||||||
'topic_id' => $topic['topic_id'],
|
|
||||||
'code' => $canDeleteCode,
|
|
||||||
'message' => $canDeleteMsg,
|
|
||||||
]);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
echo render_info($canDeleteMsg, $responseCode);
|
echo render_info($canDeleteMsg, $responseCode);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!$isXHR) {
|
|
||||||
if(!isset($_GET['confirm'])) {
|
if(!isset($_GET['confirm'])) {
|
||||||
Template::render('forum.confirm', [
|
Template::render('forum.confirm', [
|
||||||
'title' => 'Confirm topic deletion',
|
'title' => 'Confirm topic deletion',
|
||||||
|
@ -175,22 +153,11 @@ if(in_array($moderationMode, $validModerationModes, true)) {
|
||||||
);
|
);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
$deleteTopic = forum_topic_delete($topic['topic_id']);
|
$deleteTopic = forum_topic_delete($topic['topic_id']);
|
||||||
|
|
||||||
if($deleteTopic) {
|
if($deleteTopic)
|
||||||
AuditLog::create(AuditLog::FORUM_TOPIC_DELETE, [$topic['topic_id']]);
|
AuditLog::create(AuditLog::FORUM_TOPIC_DELETE, [$topic['topic_id']]);
|
||||||
}
|
|
||||||
|
|
||||||
if($isXHR) {
|
|
||||||
echo json_encode([
|
|
||||||
'success' => $deleteTopic,
|
|
||||||
'topic_id' => $topic['topic_id'],
|
|
||||||
'message' => $deleteTopic ? 'Topic deleted!' : 'Failed to delete topic.',
|
|
||||||
]);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(!$deleteTopic) {
|
if(!$deleteTopic) {
|
||||||
echo render_error(500);
|
echo render_error(500);
|
||||||
|
@ -208,7 +175,6 @@ if(in_array($moderationMode, $validModerationModes, true)) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!$isXHR) {
|
|
||||||
if(!isset($_GET['confirm'])) {
|
if(!isset($_GET['confirm'])) {
|
||||||
Template::render('forum.confirm', [
|
Template::render('forum.confirm', [
|
||||||
'title' => 'Confirm topic restore',
|
'title' => 'Confirm topic restore',
|
||||||
|
@ -226,7 +192,6 @@ if(in_array($moderationMode, $validModerationModes, true)) {
|
||||||
]);
|
]);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
$restoreTopic = forum_topic_restore($topic['topic_id']);
|
$restoreTopic = forum_topic_restore($topic['topic_id']);
|
||||||
|
|
||||||
|
@ -236,13 +201,10 @@ if(in_array($moderationMode, $validModerationModes, true)) {
|
||||||
}
|
}
|
||||||
|
|
||||||
AuditLog::create(AuditLog::FORUM_TOPIC_RESTORE, [$topic['topic_id']]);
|
AuditLog::create(AuditLog::FORUM_TOPIC_RESTORE, [$topic['topic_id']]);
|
||||||
http_response_code(204);
|
|
||||||
|
|
||||||
if(!$isXHR) {
|
|
||||||
url_redirect('forum-category', [
|
url_redirect('forum-category', [
|
||||||
'forum' => $topic['forum_id'],
|
'forum' => $topic['forum_id'],
|
||||||
]);
|
]);
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'nuke':
|
case 'nuke':
|
||||||
|
@ -251,7 +213,6 @@ if(in_array($moderationMode, $validModerationModes, true)) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!$isXHR) {
|
|
||||||
if(!isset($_GET['confirm'])) {
|
if(!isset($_GET['confirm'])) {
|
||||||
Template::render('forum.confirm', [
|
Template::render('forum.confirm', [
|
||||||
'title' => 'Confirm topic nuke',
|
'title' => 'Confirm topic nuke',
|
||||||
|
@ -269,7 +230,6 @@ if(in_array($moderationMode, $validModerationModes, true)) {
|
||||||
]);
|
]);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
$nukeTopic = forum_topic_nuke($topic['topic_id']);
|
$nukeTopic = forum_topic_nuke($topic['topic_id']);
|
||||||
|
|
||||||
|
@ -279,13 +239,10 @@ if(in_array($moderationMode, $validModerationModes, true)) {
|
||||||
}
|
}
|
||||||
|
|
||||||
AuditLog::create(AuditLog::FORUM_TOPIC_NUKE, [$topic['topic_id']]);
|
AuditLog::create(AuditLog::FORUM_TOPIC_NUKE, [$topic['topic_id']]);
|
||||||
http_response_code(204);
|
|
||||||
|
|
||||||
if(!$isXHR) {
|
|
||||||
url_redirect('forum-category', [
|
url_redirect('forum-category', [
|
||||||
'forum' => $topic['forum_id'],
|
'forum' => $topic['forum_id'],
|
||||||
]);
|
]);
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'bump':
|
case 'bump':
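Review bot: `if($deleteTopic)` in hunk `@ -175,22 +153,11 @@` drops its braces while the `if(!$deleteTopic) {` a few lines below, and every other conditional visible in this file, keeps them; the single-statement form invites a silently unguarded second statement on a later edit, so restoring `if($deleteTopic) {` / `}` keeps the file uniform. Removing the `is_local_url($redirect)` referrer check leaves `CSRF::validateRequest()` as the sole request-origin control in this path, which is the appropriate control, so that behaviour change itself looks intended. The enclosing `if(in_array($moderationMode, ...))` and its `switch` start outside the hunk.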
|
||||||
|
|
11
utility.php
11
utility.php
|
@ -117,17 +117,6 @@ function render_info(?string $message, int $httpCode, string $template = 'errors
|
||||||
return \Misuzu\Template::renderRaw(sprintf($template, $httpCode));
|
return \Misuzu\Template::renderRaw(sprintf($template, $httpCode));
|
||||||
}
|
}
|
||||||
|
|
||||||
function render_info_or_json(bool $json, string $message, int $httpCode = 200, string $template = 'errors.%d'): string {
|
|
||||||
$error = $httpCode >= 400;
|
|
||||||
http_response_code($httpCode);
|
|
||||||
|
|
||||||
if($json) {
|
|
||||||
return json_encode([($error ? 'error' : 'message') => $message, 'success' => $error]);
|
|
||||||
}
|
|
||||||
|
|
||||||
return render_info($message, $httpCode, $template);
|
|
||||||
}
|
|
||||||
|
|
||||||
function html_colour(?int $colour, $attribs = '--user-colour'): string {
|
function html_colour(?int $colour, $attribs = '--user-colour'): string {
|
||||||
$colour = $colour == null ? \Misuzu\Colour::none() : new \Misuzu\Colour($colour);
|
$colour = $colour == null ? \Misuzu\Colour::none() : new \Misuzu\Colour($colour);
|
||||||
|
|
||||||
|
|